You are here

Home

Wallet Implementation

Fri, 01/25/2013 - 15:45 - boss
Project ID: 
129
Current stage: 
5_Completed
Manager: 
idurkacz
Unit: 
inf-unit
What: 

Description: wallet is a system for managing secure data. We would like to investigate this, with a view to implementing our own wallet based system.

Deliverables: Server/client infrastructure, packaged software, wallet component to manage server/clients, integration into install process.

Why: 

Customer: Initially COs, perhaps also useful for non-sysadmin purposes, e.g. user keytab management.

Case statement: We have identified a number of use-cases where we need to be able to
better manage secure data:

  • Management of keytabs, to replace the existing system, which causes problems with each new OS release
  • Management of externally obtained X.509 certificates
  • Management of SSH host keys, such that they persist across reinstalls
  • Management of local X.509 certificates, possibly to replace SIXKTS
When: 

Status: Complete.

Documentation:

  1. Evaluation Report - Draft 1
  2. Evaluation Report - Draft 2
  3. Saving/restoring X.509 certificates
  4. Final Report

Timescales:

Priority:

Time:

How: 

Proposal:

Resources:

  • Review: 1 day
  • Evaluation: 2 weeks
  • Implementation: 2 weeks+ , but timescales are dependent on work identified in the evaluation

Plan: The project will consist of three distinct phases:

  1. Review: a brief survey of any other available options in order to detemine whether Wallet is the correct and/or only suitable technology.
  2. Evaluation: an investigation into wallet to determine to what extent
    it fits our needs. The objects currently supported by wallet are
    files and keytabs, but the system is designed to be extensible.
    The investigation phase would need to assess what additional work
    is required. We will produce a report following the evaluation phase.
  3. Implementation: do all the work identified in the end of evaluation report.
Other: 

Dependencies: software prerequisites: remctl, MIT kerberos, perl, various perl modules (most, if not all, already in place)

Risks:

Milestones

Proposed date Achieved date Name Description
2010-03-02 2010-03-02 0.0 Review any other alternative options; decide the case for using Wallet
2010-03-12 2010-03-12 1.0 Install and configure a test Wallet service
2010-03-26 2010-03-26 1.1 Experiment with test service in order to get a firmer idea of how the system can meet our needs and what will need to be built
2010-07-23 2010-05-23 2.0 Produce a production service as a result of the decisions made in the evaluation
2010-04-01 2010-04-02 1.2 Document the results of the evaluation